The Issues of Software Being Classified as Malicious by Antivirus False Positive Alerts

摘要

The continuous development of evolving malware types creates a need to study and understand how antivirus products detect and alert the user. This paper investigates today's antivirus solutions and how their false positive alerts affect the software development and distribution process, which in the long term could even lead to loss of business. It is discussed and demonstrated how antivirus detection deals with bespoke applications and how this can be reversed and manipulated to evade detection, allowing to be used by malicious software developers. The paper also presents ideas that would enable antivirus products to overcome these detection issues without altering their detection engines but by focusing on the developer's source code submission. The potential lack of essential and in most cases obvious steps in malicious software detection is also examined. The paper concludes that the inconsistencies between different antivirus detection engines along with the introduction of reputation based detection, allows more sophisticated and undetectable malicious software to be created and spread.